package com.woniuxy.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * 自定义权限过滤器
 * 
 * true:能访问。。反之
 * 
 * @author YangTao
 *
 */
public class RolesFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
            Object mappedValue) throws Exception {
        // 1 获取subject
        Subject currentUser = SecurityUtils.getSubject();
        // 2 获取配置文件信息，获取配置了哪些角色
        String[] roles = (String[]) mappedValue;
        // 3 判断当前用户是否有其中的一种，有救返回true
        if (roles != null && roles.length != 0) {// 避免没有配置导致出异常
            for (String role : roles) {
                // 有一个权限就返回TRUE
                if (currentUser.hasRole(role)) {
                    return true;

                }
            }
        }
        return false;
    }

}
